Method for establishing licensor changeable limits on software usage.

A system and method for establishing licensor changeable limits on shared software usage without the licensor having access to the system on which the shared software is running. An encrypted numerical limit value is embedded in the licensed software (program); when the program is executed ("accessed"), as a first step, the program decrypts the limit value (204) and compares it to the number of users currently accessing the shared program (210). If the number of users is less than the limit, then access is allowed (214). If the number of users is equal to (or greater than) the limit, then access is denied (212).
Technical Field

This invention relates to the field of data processing, and, more specifically, to the field of limiting access to software wherein the limit may be changed by the licensor.

Background of the Invention 

In software licensing agreements, especially for multi-user software, licensors commonly include contractual limits on the number of users who may have access to the software, the number of simultaneous users, and/or the number of total accesses. This is particularly important in licenses for multi-user software packages used in telephone switching systems where software-controlled features are licensed on a per-line basis. A problem in the art is that there is no effective method of enforcing and policing such agreements even with audits of software usage and/or site inspections.

Summary of the Invention 

This problem is solved and a technical advance is achieved in the art by a method for establishing licensor changeable limits on shared software usage without the licensor having access to the system on which the shared software is running. An encrypted numerical limit value is embedded in the licensed software (program); when the program is executed ("accessed"), as a first step, the program decrypts the limit value and compares it to the number of users currently accessing the shared program. If the number of users is less than the limit, then access is allowed. If the number of users is equal to (or greater than) the limit, then access is denied. The licensor may supply the licensee with a new encrypted limit value to raise the number of allowed accesses.

Since the licensee does not have access to the encryption algorithm, it cannot change the limit value. If the licensee attempts to enter a random string as the encrypted limit value and the decrypted value is not valid, then access is denied to everyone. Furthermore, the number of accesses to the encrypted value may be limited (i.e., two or three times a week), to prevent the licensee from attempting to determine the encryption algorithm.

In the context of a telephone switching system, features provided to customers are generally controlled by shared software packages ("programs"). In this context, each time a customer is allowed access to a protected feature, the encrypted limit is decrypted and compared with the number of users currently using the feature. If the number of users is less than the limit, then the user is allowed to use the feature. Otherwise, the user is not allowed to use the feature. The encrypted limit, an alphanumeric string, can be changed using standard field update facilities.

Brief Description of the Drawing 

FIG. 1 is a block diagram of a switching network configuration, including an exemplary embodiment of this invention;

FIG. 2 is a flow chart of the general implementation of an exemplary embodiment of this invention;

FIG. 3 is an exemplary maintenance screen as displayed on the maintenance console of FIG. 1 illustrating an update of the encrypted alphanumeric string;

FIG. 4 is an exemplary maintenance screen as displayed on the maintenance console of FIG. 1 illustrating an update of user access to a shared feature; and

FIG. 5 is a flow chart describing another exemplary embodiment of this invention.

Detailed Description 

This invention will be described in connection with the telephone switching system, as illustrated in FIG. 1, but the application of this system is much broader. For example, a method for establishing licensor changeable limits on shared programs according to this invention may be used in a general purpose, program-controlled computer system.

The telephone switching network configuration of FIG. 1 has two central office switches, 100 and 200, and inter-switch signaling network 250, e.g., a common channel signaling (CCS7) network and illustrative communications stations, including conventional analog telephone station sets 23, 25, and 201, an integrated services digital network (ISDN) telephone set 11, and data terminal 13. Switches 100 and 200 are interconnected by communication path 26, which may include intermediate switches.

Illustratively, switch 100 is a distributed control ISDN electronic switching system such as the system disclosed in U.S. Patent 4,592,048, issued to M. W. Beckner, et al., on May 27, 1986. Alternatively, switch 100 may be a distributed control, analog or digital switch, such as a 5ESS® switch manufactured by AT&T and described in the AT&T Technical Journal, V. 64, No. 6, July/August, 1985, pages 1303-1564.

Switch 100 includes a number of switching modules (SMs 110, 120, 130), each associated with a different set of telephone station sets or trunks. Each switching module includes a control unit for controlling connections to and from its associated telephone station sets or trunks. Switching module 110, for example, includes control unit 110 for controlling connections to and from telephone station set 11. Switching module 120 includes control unit 121 for controlling connections to and from station set 23. Each control unit comprises a processor 125 and memory 126. Each memory 126 includes a database 127, wherein processor 125 stores configuration and operational data, as is known in the art. For example, lists of features associated with telephone station sets 23 and 25 are stored in database 127. Features such as call forwarding, three-way calling, and the like are controlled by software programs stored in memory 126, and executed by processor 125, using data stored in database 127.

The architecture of switch 100 includes communication module (CM) 150 as a hub with switching modules 110, 120, and 130, and an administrative module (AM) 160 emanating therefrom. AM 160 provides maintenance and provisioning information and commands to SMs 110, 120, and 130, as is known in the art, from maintenance terminal 165.

Switching module 110 terminates digital subscriber lines, e.g. 12. Switching module 120 terminates conventional analog lines (i.e., tip ring pairs), 22, 24, and provides circuit-switched connections to and from associated telephone sets 23 and 25. Switching module 130 is similar to switching modules 110 and 120, but includes the appropriate analog or digital trunk unit (not shown) for interfacing with the outgoing trunks included in communication path 26 to switch 200. To complete the description of switch 100, communication module 150 acts as a switch fabric for communication among switch modules and administrative module (AM) 160. Switch 200 is shown connected to a conventional analog telephone station set 201, for purposes of illustration. The architecture of switch 200 and the types of telephone station sets served by switch are not important to the present invention and are thus not described further.

In the context of switch 100, the method for establishing licensor changeable limits on software usage can be used illustratively to limit the number of telephone subscribers who can subscribe to a particular feature, for example, call forwarding. It is well known in the art that features such as call forwarding are licensed by switch vendors to customers (operating companies) on a per-line basis. For example, call forwarding may be provided on switch 100 for 5,000 lines. It is in the licensor's interest, therefore, to have a mechanism that limits the number of lines (users) that may use call forwarding at any given time. If the operating company has more users that want call forwarding than the limit allows, the operating company may request and pay for additional line allocations, wherein the vendor may supply a new limit.

Turning now to FIG. 2, a flow chart for a general case of this invention is shown. During the building of the executable program that controls the switching system, a library is linked into the program, as is known in the art, controlling the feature program (in this example the call forwarding feature), which includes a decryption algorithm and a routine to determine whether to allow access to the program. This routine follows the general flow chart shown in FIG. 2. Starting in box 200, a request is received to access a particular feature. In box 202 a count is made of the users currently using the feature. In box 204 the access limit is decrypted using the algorithm loaded when the program was built. The specific encryption algorithm is not important to this invention, as any encryption algorithm may be used without departing from the scope of this invention. It is to the licensor's benefit, of course, to have a difficult encryption algorithm to prevent licensees from reverse engineering the encryption algorithm.

Processing continues to decision diamond 206 where a determination is made whether the decrypted access limit is valid. The decrypted limit is compared to a range of known values. If the limit is out of range or does not decrypt into a numerical value, then it is presumed that the encrypted access limit has been tampered with. Therefore, if, in decision diamond 206, the decrypted access limit is not valid, then access to the feature is denied in box 208.

If, in decision diamond 206, the decrypted access limit is valid, then processing proceeds to decision diamond 210, where a determination is made if the number of users is less than the decrypted access limit. If the number of users is greater than the decrypted access limit, then, in box 212, access to the feature is denied. If the number of current users is less than the decrypted access limit, then in box 214, access is allowed.

Turning now to FIG. 3, a screen as displayed on maintenance terminal 165 (FIG. 1) is shown, illustrating the access limit update screen. As stated above, the encrypted access limit may be changed. This feature is advantageous when, for example, the licensee desires to have more users access a particular feature, for example, call forwarding. The licensee would pay for the increased number of lines to use the feature, and the licensor would provide the licensee with a new encrypted access limit. In FIG. 3, a string representing an encrypted access limit is shown at 300. The string may be changed using the maintenance console keyboard. Field 310 shows the current access limit, which is the maximum allowable users for the particular feature. Field 310 equals the decrypted access limit 300. 320 shows the number of users currently accessing the protected feature. Preferably, the encrypted access limit field 300 may be changed only a few times over a predetermined time period. For example, allowing changes to the encrypted access limit field 300 three times a week, aids in preventing a licensee from attempting to reverse engineer the encryption algorithm by replacing the field randomly until a valid string is found.

Turning now to FIG. 4, a screen showing a feature selection list for a particular subscriber (user) is shown. When the licensee allows a subscriber access to a feature, for example, call forwarding, the licensee updates the subscriber's profile. A typical update screen is shown in the example of FIG. 4. The subscriber is identified by telephone number and then a list of available features is displayed. For example, call forwarding 400 is allowed for this subscriber. Call waiting 410 and three-way calling 420 are not allowed. When call forwarding 400 is allowed, that is, the "NO" is changed to "YES", as illustrated. During such updates, the licensed software checks to determine if the licensee has reached the license limit for allowing access to the shared software (i.e., the call forwarding feature). If the license limit has been reached, the software will not allow the update. In this example, the "YES" will automatically turn to "NO".

This embodiment is further useful when ISDN subscribers may turn features on or off by themselves at any given time. A screen (such as FIG. 4), may be displayed at a remote terminal 13 (FIG. 1), controlling features for telephone 11 (FIG. 1). Up to 5,000 subscribers may use call forwarding at any given time, but the operating company may allow more than that number of subscribers the ability to use call forwarding. In this example, when a subscriber attempts to turn on a feature, the licensed software may permit only 5,000 subscribers to use call forwarding.

This invention may also be used to limit the absolute number of telephone subscribers (users) subscribing to features such as call forwarding. A maintenance screen such as FIG. 4 is displayed each time a telephone subscriber feature is changed. When a change is made (changing a "NO" to "YES" in field 400 to allow this subscriber to use call forwarding, for example), the system checks to determine whether the limit of the number of subscribers that have call forwarding available has been reached. If the subscriber limit has not been reached, then the feature is allowed for this subscriber. If the limit is reached, then the feature is denied.

A further use for this invention is to turn software (program) protected by this invention "OFF" as provided by the licensor, and then "ON" after a license fee is paid. The encrypted alphanumeric string sets a limit of zero for turning the program "OFF" and sets a limit of infinity for "ON". This may be useful, for example, when software is provided with a system as an option that may be turned on later. The licensor does not have to supply different or additional software for each customer. The licensor merely supplies the appropriate encrypted string according to what the licensee has paid for.

This invention may also be used to control the total number of accesses which may be made to a feature. In other words, this invention may be used to allow a licensee to use a particular feature 5,000 times and no more. This aspect of this invention may be useful, for example, for software operable on a personal computer, or other system where the licensee may desire a limited license to use software. In this embodiment, each time any user attempts to access the license feature, a check is made of the total number of previous accesses, which is compared with the license limit. Both the access limit and the count of the total number of previous accesses are stored in encrypted form to prevent unauthorized change. FIG. 5 illustrates a flow chart according to this embodiment of the invention.

In box 500, a request is made to access the program, and, in box 502, the count of previous accesses is decrypted from an encrypted, stored value. Processing continues to decision diamond 504 where a determination is made if the decrypted count is valid. The decrypted count may not be valid if it is out of a certain range or alternatively does not decrypt into a numeric value. The count may be out of range or non-numeric if the licensee attempts to change the encrypted count of previous accesses. If the decrypted count is not valid, then access is denied in box 506. If in decision diamond 504 the decrypted count is valid, then processing continues to box 508 where the access limit is decrypted. Processing continues to decision diamond 510 where a determination is made if the decrypted access limit is valid. The parameters for validity of the limit are generally the same as for the decrypted count. If the decrypted access limit is not valid, then access is denied in box 512.

If the decrypted access limit is valid in decision diamond 510, then processing continues to decision diamond 514 where the determination is made if the count is less than the limit. If the count is not less than the limit, then access is denied in box 516. If the count is less than the limit, then in decision diamond 514 processing continues to box 518 where the count is incremented. In box 520, the count is then encrypted so that it may be stored in a form that the licensee cannot modify. Processing ends in box 522 where access is allowed to the feature or software.
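
The flows of FIG. 2 and FIG. 5 sketched in Python, as an added example that is not part of the patent text. The key, the HMAC-SHA-256 keystream standing in for the unspecified encryption algorithm, the integrity tag bound to each string's role, the range bound and every function name are assumptions; the description itself specifies only the numeric and range test.

```python
import hashlib
import hmac
import os

# Assumptions, not from the patent: the key, the HMAC-SHA-256 keystream used as
# the cipher, the 8-byte integrity tag and the range bound are all constructed.
KEY = b"constructed-demo-key"
ENC_KEY = hashlib.sha256(b"enc" + KEY).digest()
MAC_KEY = hashlib.sha256(b"mac" + KEY).digest()
MAX_VALUE = 1_000_000  # upper end of the "range of known values"


def _xor(data: bytes, nonce: bytes) -> bytes:
    """XOR data (at most 32 bytes) with a keystream derived from the nonce."""
    stream = hmac.new(ENC_KEY, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(kind: str, nonce: bytes, cipher: bytes) -> bytes:
    """Integrity tag bound to the string's role ("limit" or "count")."""
    msg = kind.encode() + nonce + cipher
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()[:8]


def encrypt_value(value: int, kind: str) -> str:
    """Produce the alphanumeric string for a limit or a count."""
    nonce = os.urandom(8)
    cipher = _xor(str(value).encode(), nonce)
    return (nonce + cipher + _tag(kind, nonce, cipher)).hex()


def decrypt_value(token: str, kind: str):
    """Return the number, or None when the validity check fails."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if not 17 <= len(raw) <= 48:
        return None
    nonce, cipher, tag = raw[:8], raw[8:-8], raw[-8:]
    if not hmac.compare_digest(tag, _tag(kind, nonce, cipher)):
        return None
    plain = _xor(cipher, nonce)
    if not plain.isdigit():            # does not decrypt into a numeric value
        return None
    value = int(plain)
    return value if value <= MAX_VALUE else None   # out of range


def concurrent_access(limit_token: str, current_users: int) -> bool:
    """FIG. 2 flow; current_users is the count made in box 202."""
    limit = decrypt_value(limit_token, "limit")    # box 204
    if limit is None:                              # diamond 206 -> box 208
        return False
    return current_users < limit                   # diamond 210 -> 214 or 212


def metered_access(count_token: str, limit_token: str):
    """FIG. 5 flow; returns (allowed, count string to store)."""
    count = decrypt_value(count_token, "count")    # box 502
    if count is None:                              # diamond 504 -> box 506
        return False, count_token
    limit = decrypt_value(limit_token, "limit")    # box 508
    if limit is None:                              # diamond 510 -> box 512
        return False, count_token
    if count >= limit:                             # diamond 514 -> box 516
        return False, count_token
    return True, encrypt_value(count + 1, "count") # boxes 518, 520, 522
```

With the tag in place, a replaced string is rejected at the validity check whatever it would have decrypted to, and a limit string cannot stand in for a count string.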



Claims 

1. A method for providing licensor control of the number of users accessing one or more licensed programs in a computer system arranged to execute a plurality of licensed programs, wherein one or more of said plurality of licensed programs is accessible by a plurality of users, without said licensor having access to said computer system, said method comprising the steps of:

requesting access to said program (200);

establishing a limit value by decrypting a portion of a previously encrypted alphanumeric string provided by said licensor (204);

comparing said limit value to the number of users currently accessing said program (210);

denying access to said program if said number is greater than said limit value (212); and

allowing access to said program if said number is less than said limit value (214).

2. A method according to claim 1 wherein said encrypted alphanumeric string may be updated by said licensee replacing said encrypted alphanumeric string with a further encrypted alphanumeric string provided by said licensor, thus permitting said licensor to change the limit value of the number of users.

3. A method according to claim 2 wherein the number of licensee updates of said encrypted alphanumeric string over a predetermined period of time is limited to aid in preventing said licensee from determining the encryption algorithm.

4. A method according to claim 1 further comprising the step of verifying that said limit value is a valid numeric value after said step of decrypting said encrypted alphanumeric string; and

denying access to said licensed program if said limit value is not a valid numeric value, so that said licensee cannot replace said encrypted alphanumeric string with random values in order to circumvent the encryption algorithm.

5. A method of limiting the number of accesses to a licensed program in a computer system arranged to execute said licensed program, wherein said licensed program is accessible a limited number of times, said limit being set by a licensor, without said licensor having access to said computer system comprising the steps of:

requesting access to said program (500);

establishing a number of accesses by decrypting a previously encrypted first alphanumeric string (502);

establishing a limit by decrypting a previously encrypted second alphanumeric string (508);

comparing said limit to the number of accesses (514);

if said number of accesses is equal to or greater than said limit, denying access to said feature (516); and

if said number of accesses is less than said limit, allowing access to said feature (522), incrementing said number of accesses (518), and encrypting said number of accesses into said first alphanumeric string (520).

6. A method according to claim 5 wherein said second encrypted alphanumeric string may be updated by a licensee replacing said second encrypted alphanumeric string with a further encrypted alphanumeric string provided by said licensor, thus permitting a licensor to change the limit value of the number of accesses without having access to said computer system.

7. A method according to claim 6 wherein the number of updates of said second encrypted alphanumeric string over a predetermined period of time is limited to prevent a licensee from determining the encryption algorithm.

8. A method according to claim 5 further comprising the steps of verifying that said number of accesses is a valid numeric value after said step of decrypting said first encrypted alphanumeric string;

verifying that said limit is a valid numeric value after said step of decrypting said second encrypted alphanumeric string; and

denying access to said licensed program if said number of accesses or said limit is not a valid numeric value, to prevent said licensor from replacing said first or second encrypted alphanumeric string with random values in order to circumvent the encryption.

9. A method for providing licensor control to limit the number of users accessing one or more features simultaneously in a telephone switching system providing a plurality of features, wherein one or more of said features is accessible by a plurality of users, without said licensor having access to said switching system, said method comprising the steps of:

requesting access to said feature;

establishing a limit value by decrypting a portion of a previously encrypted alphanumeric string provided by said licensor;

comparing said limit to the number of users currently accessing said feature;

denying access to said feature if said number is greater than said limit; and

allowing access to said feature if said number is less than said limit.

10. A method according to claim 9 wherein said encrypted alphanumeric string may be updated by a licensee replacing said encrypted alphanumeric string with a further encrypted alphanumeric string provided by said licensor, thus permitting a licensor to change the limit value of the number of users without having access to said system.

11. A method according to claim 10 wherein the number of updates of said encrypted alphanumeric string over a predetermined period of time is limited to aid in preventing a licensee from circumventing the encryption algorithm.

12. A method according to claim 9 further comprising the step of verifying that said limit is a valid numeric value after said step of decrypting said encrypted alphanumeric string; and

denying access to said feature if said limit is not a valid numeric value, to prevent said licensee from replacing said encrypted alphanumeric string with random values in order to circumvent the encryption algorithm.

13. A system for providing licensor control of the number of users accessing said one or more features in a telephone switching system having a plurality of features, wherein one or more of said features is accessible by a plurality of users, without said licensor having access to said switching system, said control system comprising:

means responsive to a request for access to a controlled feature for decrypting a portion of a previously encrypted alphanumeric string provided by said licensor to establish a limit value; and

means responsive to said decrypted limit value for comparing said limit to the number of users currently accessing said feature, wherein said comparing means denies access to said feature if said number is greater than said limit, and allows access to said feature if said number is less than said limit.

14. A system according to claim 13 further including means for updating said encrypted alphanumeric string that replaces said encrypted alphanumeric string with a further encrypted alphanumeric string provided by said licensor, thus permitting a licensor to change the limit value of the number of users.

15. A system according to claim 14 further including means for limiting the number of updates of said encrypted alphanumeric string over a predetermined period of time to prevent a licensee from circumventing the encryption algorithm.

16. A system according to claim 13 further comprising means for verifying that said limit is a valid numeric value responsive to said decrypting means, said verifying means denying access to said feature if said limit is not a valid numeric value, thus preventing said licensor from replacing said encrypted alphanumeric string with random values in order to circumvent the encryption algorithm.